{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00200764","sets":["1164:3925:9693:9907"]},"path":["9907"],"owner":"44499","recid":"200764","title":["既存のWebアプリケーションへの適用性を考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法の提案"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-11-26"},"_buckets":{"deposit":"0bf81018-3f03-45bf-bd16-fa32776c5b21"},"_deposit":{"id":"200764","pid":{"type":"depid","value":"200764","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"既存のWebアプリケーションへの適用性を考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法の提案","author_link":["488845","488847","488846","488848"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"既存のWebアプリケーションへの適用性を考慮したプリミティブなTrusted TypesによるClient-Side XSS防御手法の提案"}]},"item_type_id":"4","publish_date":"2019-11-26","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"奈良先端科学技術大学院大学先端科学技術研究科"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"},{"subitem_text_value":"奈良先端科学技術大学院大学総合情報基盤センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Science and Technology, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Nara Institute of Science and Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/200764/files/IPSJ-CSEC19087005.pdf","label":"IPSJ-CSEC19087005.pdf"},"date":[{"dateType":"Available","dateValue":"2021-11-26"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC19087005.pdf","filesize":[{"value":"376.3 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ff063e78-d756-4321-98ab-74d9cb3fe100","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山崎, 勇二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"垣内, 正年"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"新井, イスマイル"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤川, 和利"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"現在，Web はインターネットの中でも最も重要なプラットフォームの一つとなっている．その一方で攻撃者が脆弱な Web アプリケーションに悪意のあるスクリプトを挿入し実行させるクロスサイトスクリプティング (XSS) の脆弱性が問題となっており，近年ではクライアント側の機能増加に伴い，XSS の一種である Client-Side XSS が問題となっている．この問題に対処するために，テイントトラッキングによる検知 ・防御策が提案されているが，パフォーマンスに影響が発生し，実用的なものが無いのが現状である．本研究では，パフォーマンスと既存の Web アプリケーションへの影響を小さくした Client-Side XSS の防御を目的とする．具体的には，安全な文字列であるかを型で検証する Trusted Types を，プリミティブな型として定義することによる防御手法を提案する．Trusted Types を用いることにより，JavaScript を生成する実行シンクは開発者が安全な文字列であると明示した文字列のみを許可するため，Client-Side XSS の脆弱性を塞ぐことが可能となり，加えて防御に必要な処理は文字列の型を検証するのみとなるため，パフォーマンスへの影響を軽減しながら防御が可能となる．この Trusted Types をプリミティブな型として定義し，JavaScript ソースの構文解析の段階で割り当てることで，既存の Web アプリケーションに変更を加えず Trusted Types を適用させる．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2019-11-26","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"5","bibliographicVolumeNumber":"2019-CSEC-87"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T21:15:11.691251+00:00","created":"2025-01-19T01:04:15.574033+00:00","links":{},"id":200764}